Google Safe Browsing (High Level)

Transcript

1. None

2. • What is SafeBrowsing? • How we (Firefox) use SafeBrowsing

   • How you can use SafeBrowsing

3. What is Safe Browsing? safebrowsing.google.com

4. It’s a free service operated by Google • It hosts

   lists of urls • malware • other unwanted software • phishing / social engineering • It’s used by Android, Gmail, Ads, Search, Chrome, Firefox, Safari, Opera

5. visiting malware url in Firefox

6. visiting unwanted software url in Firefox

7. visiting phishing url in Firefox

8. How are urls added to the lists?

9. phishing url

10. submit to Safe Browsing https://safebrowsing.google.com/safebrowsing/ report_badware/?hl=en

11. submit from Firefox Help → Report Deceptive Site

12. submit from Firefox

13. How many sites are in the lists?

14. https://transparencyreport.google.com/safe-browsing/overview

15. https://transparencyreport.google.com/safe-browsing/overview

16. https://transparencyreport.google.com/safe-browsing/overview

17. https://transparencyreport.google.com/safe-browsing/overview

18. How often do people encounter these sites?

19. https://transparencyreport.google.com/safe-browsing/overview

20. How does use Safe Browsing?

21. https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/

22. Firefox extension 2005

23. added to Firefox 2006

24. Checking “live” adds too much latency to page loads •

    Firefox gets new bad urls from Google every 30m • Before displaying a page to a user, check local db

25. The whole list is too big to download • each

    URL is canonicalized • then hashed • only the first 32 bits are kept

26. False positives • Many urls could have the same 32-bit

    hash prefix • Get all the full hashes with the 32-bit prefix from the server • If page doesn’t match a full hash, it’s not on the list

27. Download protection • Download the file • Check the main

    url, referrer and redirect chain against local blocklist; block if match • (Windows) if signed, check signature against allow-list of good publishers • If file is not binary, allow • If binary, send metadata to application reputation server

28. What metadata? • filename • filesize • sha256 hash •

    locale

29. Privacy • Browsers don't send all visited urls to Google

    • Safe Browsing data is never used anywhere else at Google • Firefox removes query string params from download check • Firefox stores Safe Browsing cookies in separate storage • Firefox adds a number of extra “noise” 32-bit hashes when requesting complete hashes

30. How can you use it?

31. developers.google.com/safe-browsing

32. Need to get your site off the list? https://support.google.com/webmasters/answer/3258249?hl=en&ref_topic=4596795

33. https://developers.google.com/safe-browsing/v4/lookup-api

34. https://developers.google.com/safe-browsing/v4/update-api